CADRE will be overseen by its local committees: the CADRE SDE Oversight Committee and the CADRE Data Access Committee. The SDE Oversight Committee will have a strategic role to run CADRE for the Cambridge and Peterborough environment. The Data Access Committee will be responsible for reviewing applications from researchers to access CADRE to conduct their studies.

For CADRE-Cambridge, both the CADRE SDE Oversight Committee and the CADRE Data Access Committee include representatives from the data providers in the area that are involved in CADRE-Cambridge, namely:

• Cambridge and Peterborough NHS Foundation Trust
• East of England Community Health and Care NHS Trust
• Cambridge University Hospitals NHS Foundation Trust
• Cambridgeshire County Council
• Peterborough City Council
• North West Anglia NHS Foundation Trust

Patient and public representatives, clinicians and other subject matter experts are also part of the committees to ensure different views are considered when operating CADRE and access to the datasets.

As new CADRE sites come on board, we will add the organisations involved in their local governance and Data Access Committees, which will follow the same structure as CADRE-Cambridge’s one outlined above.

There will be an opportunity to “federate” databases in CADRE. “Federating” means that researchers can analyse data from CADRE databases in different regions without the need to pool all the data together. The technology which CADRE uses allows for “privacy-preserving federated analytics” – this enables researchers to generate anonymous outputs of their analyses, meaning it cannot be linked back to individuals, without the need to transfer identifiable patient-level data outside of a third-party provider’s environment.

This approach will help to:

• Access a larger sample of patients, increasing the diversity and representativeness of a cohort hence improving the quality of research studies and making the research relevant to a wider group of people
• Explore rarer conditions and sub-groups

Because federated analysis (which involves analysing multiple datasets) can be carried out between different CADRE databases (or other databases, for example), we need to have accountable organisations at federation level – i.e., a body which would oversee how people’s data is used across the entire CADRE network.

To do this, a CADRE Data Federation Governance Group (DFGG) will make strategic decisions according to the Data Federation Framework and ensure that all data protection laws, confidentiality rules, and ethical practices for health data sharing are followed, aiming to promote cooperation between the local SDEs.

The CADRE Data Federation Governance Group includes representatives of each CADRE database (or SDE) within CADRE, namely:

• CADRE-Cambridge
• New CADRE databases established in other regions
• Any other trusted research environment that joins the federated CADRE network
• Patient and public representatives
• Clinical and subject matter experts

These organisations have been actively involved in developing our information governance framework, along with our wider patient and public involvement (PPI) groups.

To become a member of the CADRE federated network, organisations will have to meet several requirements and be approved by the CADRE Data Federation Governance Group. For example, they will need to:

• Be based, and store data, in the United Kingdom or in a country recognised by the United Kingdom as providing a similar level of personal data protection via an “adequacy decision”
• Be registered with the Information Commissioner’s Office (ICO)
• Have completed the NHS Data Security and Protection Toolkit or another internationally recognised information management accreditation such as ISO or SOC
• Join the existing data sharing agreements regulating the CADRE site environment they wish to join

In addition, the CADRE Data Federation Group will oversee the CADRE Federated Research Approval Group. This committee will have delegated authority to review and approve research requests for projects which require access to data across multiple CADREs. Its membership will be similar to the CADRE Data Federation Governance Group so that each CADRE database part of the federation can contribute to the decision whether to allow the processing of data within its environment for the purposes of a specific study.

CADRE is not a legal entity, but an environment that enables research, including federated analysis, to be carried out. The organisations involved in the CADRE data federation are the legal entities and data controllers managing CADRE.

According to the CADRE sharing agreements, each organisation must comply with all data protection principles and prove they meet any relevant regulatory requirements. The access committees will review applications according to the UK General Data Protection Regulation (UK GDPR), including the principles of:

Fairness, Lawfulness and Transparency

Part of the principle of fair processing is that the individuals need to be kept informed about how their data is being used. We think this is highly important and information will be made available at each step of the development of CADRE. Each data provider in CADRE will also cover related processing activities in their privacy notices.

Purpose Limitation

CADRE researchers must define the study purpose in their application form, and they will only have access to the specific data subsets they need for that purpose.

Accuracy

Under the Data Federation Framework, each CADRE participating organisation must have the right systems and procedures in place to correct inaccurate information and to add information to incomplete records. Data quality is built into all the procedures and is continuously improved.

Data Minimisation

Approved researchers will only have access to limited datasets which are pseudonymised for them to carry out their research. They cannot find out the identity of any individual, unless that person has given their explicit consent for this before the research takes place. Access to the data is granted for a duration of 12 months.

Storage limitation

Once approved researchers are granted access to the relevant datasets for their research purposes, access to the data will be limited to a standard duration of 12 months, subject to extension requests.

Integrity and confidentiality 

Personal data within CADRE will be processed by third party processors in a manner that ensures the appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Each project will be also supported by a Data Protection Impact Assessment that will systematically review all data processing activities related to the study, assess the risks to patients’ rights and freedoms, and suggest ways to reduce or eliminate these risks.

All assessments will be carried out by analysing the following key factors:

• What is the study’s purpose, is data needed, in what format, from which category data subjects, and how will it improve health and care outcomes for young people
• What is the legal basis for using the data
• How is the data being stored
• Will there be any data transfers
• How is data accuracy and quality ensured
• What are the security, integrity and confidentiality measures
• What patient and public involvement has taken place
• What are the potential risks and how can they be mitigated.

Your Rights Under Data Protection Laws

Each participating organisation will ensure compliance with your rights in respect to your personal data, including the right to be informed, right of access, right to rectification, right to erasure, right to restriction of processing, right to object and right not to be subject to automated decision-making and profiling. Each data provider across CADRE will ensure that:

• Their staff know how to identify and deal with both verbal and written data requests from service users
• Appropriate resources are in place to handle these requests
• All requests are adequately logged and updated to track the handling of each request
• All requests are complied with on time and in a way that meets individual expectations and statutory timescales
• Appropriate systems and procedures are in place to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary
• Appropriate methods and procedures are in place to delete, suppress or otherwise stop processing personal data if needed
• Appropriate methods and procedures are in place to restrict the processing of personal data if needed.

Each party must also give reasonable assistance to any other parties to enable them to comply with any requests received or to respond to queries or complaints from data subjects. To know more about your rights, please refer to the privacy notices in Resources.